b'            AUDIT REPORT\nSMITHSONIAN INSTITUTION ORGANIZATIONAL \n\n         CHECKING ACCOUNTS \n\n\n             Number A-02-10 \n\n\n              April 16,2003 \n\n\x0c                                       SUMMARY\n\nThe Office of the Inspector General audited Smithsonian Institution bank accounts. The\npurpose of the audit was to assess whether bank account internal controls were\nfunctioning effectively. Our audit was limited to 11 organizational checking accounts.\n\nGenerally, internal controls and safeguards over organizational checking accounts were\ninadequate to reduce the risks of loss or unauthorized use of Smithsonian funds to an ac-\nceptable level. Although our audit disclosed no instances of defalcation, we believe that\nreasonable alternatives for most transactions currently accomplished thorough organiza-\ntional checking accounts exist. Consequently, we made seven recommendations to im-\nprove Smithsonian bank account management. In summary, the recommendations are as\nfollows:\n\n           Perform re-certifications of all checking accounts and close those accounts\n           deemed unnecessary;\n\n           Revise, update, and issue policies and procedures that relate to organizational\n           checking accounts and purchase cards; and\n\n           Perform periodic compliance reviews to ensure that controls are operating ef-\n           fectively.\n\nThe Institution Comptroller concurred with the audit recommendations. Overall, we be-\nlieve that the corrective actions taken and planned are responsive to the recommenda-\ntions.\n\x0c                                                TABLE OF CONTENTS \n\n\n                                                                                                                                      PaRe \n\n1. Introduction .......................................................... ..................................................................1 \n\n                                                                              ,\n\n\n                                                                                           ...............................................1 \n\n     A. Purpose .............................................................................\n\n                                                                                 ....................................................1 \n\n       B. Scope and Methodology ....................................................\n       C. Background .......................................................................................................................1 \n\n\n                                                                       .\n2. \tResults ofAudit ..............................................................................................................................\n                                                                                                                                                3\n\n\n       Institution Organizational Checking Accounts .........................................................................\n                                                                                                                          3\n\n\nAppendix A. Management Comments from Catheryn Hummel, Comptroller ..............................9 \n\n\n\n\n\n                                     ABBREVIATIONS AND ACRONYMS\n\n                                 CFO                              Chief Financial Officer\n                                 OC                               Ofice of the Comptroller\n\x0c                                    INTRODUCTION\n\nA. Purpose\n\nThe purpose of the audit was to evaluate Institution internal controls for organizational\nchecking accounts.\n\nB. Scope and Methodology\n                      -.\n\nOur audit was conducted from August 5,2002, to February 28,2003, in accordance with\ngenerally accepted government auditing standards. We reviewed 11 of 14 Institution\nchecking accounts. Our methodology included the following:\n\n       identifying and reviewing applicable policies and procedures related to financial\n       accounting and organizational checking accounts, and\n\n       evaluating organizational checking account transactions.\n\nWe reviewed financial and procurement policies, procedures, and controls. As part of our\nreview, we interviewed staff from at least 12 Smithsonian units:\n\n       Office of the Comptroller (OC);\n\n       Office of Contracting;\n\n       Office of the Treasurer;\n\n       Center for Folklife and Cultural Heritage;\n\n       Smithsonian Marine Station at Fort Pierce;\n\n       Smithsonian National Museum of Natural History Arctic Studies Center;\n\n       Smithsonian Environmental Research Center;\n\n       Smithsonian Tropical Research Institute;\n\n       Smithsonian Astrophysical Observatory;\n\n       The Smithsonian Associates;\n\n       National Zoological Park; and\n\n       Cooper-Hewitt, National Design Museum.\n\nThrough interviews and transaction reviews, we gained an understanding of the controls\nand practices employed concerning organizational checking accounts.\n\x0cThe following points were considered throughout our audit: Adequate separation of du-\nties between individuals authorized to write, reconcile, and request check transactions,\nand the availability and use of alternatives to checking accounts. We conducted inter-\nviews to determine current check writing and account reconciliation processes, as well as\nthe processes involved in establishing and re-certifying accounts. Through interviews, we\ngained an understanding of existing internal controls associated with the Institution\'s\nbank accounts.\n\n\n\nThe Chief Financial Offlcer (CFO) issued a 2002-2006 Strategic Plan dated March 15,\n2002 that identifies the CFO as responsible for the financial integrity of the Institution.\nThe CFO is responsible for establishing financial policies and standards for the Institution\nto ensure fiscal discipline. The OC is responsible for preparing and maintaining the Insti-\ntution\'s official accounting and financial records, reports, and financial statements.\n\nThe first strategic goal is to set financial management standards, take responsibility, and\nshare commitment. This goal articulates the CFO\'s responsibility as steward of the Insti-\ntution\'s resources to set financial management standards through policies and procedures\nfor the entire Institution, to take responsibility for Institutional compliance with policies\nand procedures, and to promote financial and contracting best practices. The goal will\nensure fiscal discipline, strong internal controls, and compliance with policies and proce-\ndures.\n\x0c                                   RESULTS OF AUDIT\n\nInstitution Ornanizational Checking Accounts\n\nThe Institution could improve its oversight and internal controls of organizational check-\ning accounts. Specifically,weaknesses exist in organizational checking accounts concern-\ning:\n\n       lack of segregation of duties;\n\n       no supporting documents maintained;\n\n       unaccountable checks;\n\n       transaction records incomplete;\n\n       improper and not up-to-date signatories;\n\n       bank accounts exist without OC knowledge; and\n\n       transactions could be paid by purchase card.\n\nThis occurred because the Comptroller\'s office has not critically reviewed the need for\nunits to maintain organizational checking accounts and check writing transactions. As a\nresult, accounts were maintained that may not be necessary, were not used for intended\npurposes, and were used without authority.\n\nBackground\n\nThe scope of our review consisted of reviewing 11 of 14 organizational checking accounts\nfocusing on internal controls. We evaluated organizational checking accounts transac-\ntions for the bank statement for one year: August 2001 through August 2002.\n\nSmithsonian Directive 115,Management Controls, revised July 23, 1996,lists standards\nthat shall apply to Institution units. In particular, the directive requires managers to take\nsystematic and proactive actions to develop and implement appropriate, cost effective\nmanagement controls. It also requires that controls established shall provide reasonable\nassurance that assets are safeguarded against waste, loss, unauthorized use, and misap-\npropriation.\n\nSmithsonian Directive 302, Financial Management: Payments, Policies, Systems and Proce-\ndures, April 7, 1992, states that it is Smithsonian policy as well as sound business practice\nto pay for goods and services that are supported by proper invoices and other approved\ndocuments. Source documents are required to be maintained in a secure and readily ac-\ncessible location for audit. Requests for organizational checking accounts must be in\nwriting and specifically identify the circumstances that make it impracticable to use the\nSmithsonian\'s central purchasing system and payment systems. Directors are responsible\nfor ensuring that checking accounts comply with operational procedures and require-\nments. The OC is responsible for recertifying checking accounts periodically. The OC\n\x0cand our office conduct reviews and audits when necessary. Operational procedures re-\nquire the separation of duties: Separate employees should be assigned to authorize pur-\nchases, approve the receipt of goods or services, and approve disbursements. Each or-\nganization must support each disbursement with an original invoice, purchase authoriza-\ntion, evidence of receipt for goods and services, and the tax identification numbers for\nindependent contractors providing services. Organizations must maintain a daily check\nregister and account for both used and unused checks.\n\nRecords should contain the check number, date issued, payee, amount, purpose, fund\ncode, and account code. Banks should send bank statements to the Comptroller\'s office.\nOrganizations must not use organizational checking accounts for:\n\n       salary;                                          establishment or replenishment\n                                                        of petty cash; or\n       travel;\n                                                        reimbursement of employees.\n       equipment or construction services;\n\nMicro-purchases are purchases up to $2,500 for routine or occasional supplies and\nservices. Purchase card usage is limited to the micro-purchase threshold. A petty cash\npurchase is a method of making purchases under $500 from local vendors. Petty cash use\nis limited to emergency situations where the normal purchasing procedures will not result\nin timely payment.\n\nSmithsonian Directive 309, Merchant Credit Cards, September 6,2002, states that the OC\nis responsible for establishing merchant credit card accounts, recording revenues, and\nmonitoring Smithsonian Institution merchant credit card account activity. Smithsonian\nunits may not establish merchant credit card accounts except through the OC.\n\nSmithsonian Staff Handbook 314, Requisitioning - Purchase of Supplies, Equipment and\nServices, March 1993,provides policies and procedures for offices to acquire supplies,\nequipment, and services. Offices have the following purchase methods available: petty\ncash, purchase cards, purchase order system, and blanket purchase order system. Petty\ncash is available for advancing cash or reimbursing employees for small purchases of sup-\nplies and services in the local area. A purchase order permits ofices to purchase goods or\nservices directly from suppliers. A blanket purchase agreement is a simplified method of\nfilling anticipated repetitive needs for supplies or services by establishing "charge ac-\ncounts" with qualified sources of supply.\n\x0cResult of Review\n\nWe evaluated internal controls for Institution organizational checking accounts. Our\nevaluation concentrated on the use of organizational checking accounts, segregation of\nduties for operating the accounts, and record keeping and transaction documentation.\nWe determined that internal controls were weak and OC oversight for approving and re-\nviewing account usage could be strengthened. Specifically,organizational checking ac-\ncounts lacked proper segregation of duties. For instance, segregation of duties weaknesses\nexisted at the Smithsonian Tropical Research Institute and the Smithsonian Marine Sta-\ntion at Fort Pierce. At both, a staff member was responsible for more than one of the fol-\nlowing functions: approving payments, allocating funds, making deposits, writing and\nsigning checks, and reconciliation of the account. During the audit, Smithsonian Tropi-\ncal Research Institute management corrected the segregation of duties issue. Also at the\nMarine Station at Fort Pierce, in order to reimburse their unit\'s petty cash, the adminis-\ntrative officer often wrote checks payable to the administrative officer.\n\nIn addition to segregation of duties weaknesses, transactions records and supporting\ndocumentation were not readily available for audit or were incomplete. Cooper-Hewitt\nMuseum for example was unable to provide complete transaction records and supporting\ndocumentation for the audit. In addition, numerous checks were unaccountable and in-\ndividuals were signing checks who were not signatories of the account. A similar situation\nexisted at the Smithsonian Environmental Research Center with records and supporting\ndocumentation unavailable for audit.\n\nBased on our review, most transactions could have been made with purchase cards. For\nexample, we determined that units used checking accounts for paying the following:\n\n       travel;                                          replenishment of petty cash;\n\n       salary;                                          refreshments; and\n\n       services and vendors;                            merchant credit card accounts.\n\n       postage;\n\nWe also determined that some units have established merchant credit accounts with Wal-\nMart Stores and Home Depot. Units purchase items from these merchants and use the\norganizational checking account to pay for the items purchased. In some instances, pay-\nments were late and the same staff person purchased the items and also wrote the pay-\nment checks. We were also able to identify an organizational checking account not listed\non Comptroller\'s records. A checking account was established by the National Zoological\nPark to support field advances for the Golden Lion Tamarin Project. The account was\nalso used to provide deposits and advances for researchers. According to Department of\nConservation Biology staff, there were about four similar checking accounts.\n\nAdditionally, for most accounts reviewed, we identified that signatories for the accounts\nhave not been updated and contained former employees including the former Comptrol-\nler. We also determined that a Smithsonian Tropical Research Institute checking account\nused to pay employees maintains an increasing balance resulting from payroll withhold-\ning of about $14,000 as of September 2002.\n\x0cCurrent policies were not always followed, were sometimes vague, and were not specific\nregarding oversight responsibilities. OC did not critically review the need for units to\nmaintain organizational checking accounts. The most recent organizational checking ac-\ncount reviews were performed in 1999. Although, OC does perform some reconciliation\nof accounts, they have not performed any transaction level reviews.\n\nAs a result, unnecessary accounts were maintained, not used for intended purposes, and\nused without appropriate authority. Without clear policies and procedures, staffs are un-\naware of their administrative and oversight duties.\n\nConclusion\n\nImproving oversight and performing transaction level reviews supports the CFO\'s strate-\ngic goal of fiscal discipline through internal controls. Enforcing controls also strengthens\nthe financial integrity of the Institution and minimizes cash management risks. In addi-\ntion, removing organizational checking accounts and encouraging the use of the purchase\ncard should increase efficiencies and the overhead required to maintain the accounts.\n\nRecommendations\n\nWe recommended that the Comptroller:\n\n    1. Perform a re-certification of organizational checking accounts.\n\nManagement Comments\n\nConcur. The Office of the Comptroller (OC) will perform a re-certification of all 14 In-\nstitution checking accounts and will also investigate for initial certification the potential 1\nto 5 checking accounts referenced in the audit as ones for which OC had no knowledge.\nTarget date for completion of all re-certifications will be September 30,2003.\n\nOffice of the Inspector General Response \n\n\nThe Comptroller\'s actions are responsive to the recommendation. \n\n\n    2. Close unnecessary organizational checking accounts.\n\nManagement Comments\n\nConcur. OC will close unnecessary organizational checking accounts based upon results\nof the re-certifications. Target date for completion will be December 31,2003. \n\n\nOffice of the Inspector General Resvonse \n\n\nThe Comptroller\'s actions are responsive to the recommendation. \n\n\x0c    3. \t Maintain proper documentation and justification in an orderly, easily accessible\n         manner for audit.\n\nManagement Comments \n\n\nConcur. OC will develop procedures for the maintenance of organizational checking ac- \n\ncount information to include managerial oversight of information retention practices. \n\nTarget date for development of procedures will be September 30,2003. \n\n\nOfice of the Inspector General Response \n\n\nThe Comptroller\'s actions are responsive to the recommendation. \n\n\n   4. \t Update and revise the current accounting and financial polices to include current\n       offices and the establishment of credit accounts.\n\nManagement Comments \n\n\nConcur. OC will revise Smithsonian Directive 302, Financial Management: Payments, \n\nPolicies, Systems, and Procedures, to include current offices and the establishment of credit \n\naccounts. Target date for revision will be September 30,2003. \n\n\nOffice of the Inspector General Response \n\n\nThe Comptroller\'s actions are responsive to the recommendation. \n\n\n    5. \t Issue policy requiring the use of the SI purchase card for purchases as defined in\n         Smithsonian Directive 314.\n\nManagement Comments \n\n\nConcur. OC will revise Smithsonian Directive 302, Financial Management: Payments, \n\nPolicies, Systems, and Procedures, to include the requirement of use of purchase cards for \n\npurchases as defined in SD 314. Target date for revision will be September 30,2003. \n\n\nOfice of the Inspector General Response \n\n\nThe Comptroller\'s actions are responsive to the recommendation. \n\n\x0c   6. \t Establish a process for performing periodic compliance reviews to ensure internal\n        controls are operating effectively.\n\nManagement Comments\n\nConcur. OC will develop a process for the performance of compliance reviews of organ-\nizational checking accounts and will add this type of review to the OC annual compliance\nreview cycle. Target date for submission of the proposed process will be September 30,\n2003.\n\nOfice of the Inspector General Resvonse\n\nThe Comptroller\'s actions are responsive to the recommendation.\n\n   7. \t Determine how to transfer STRI withholding funds to the appropriate account,\n       and ensure the withheld amounts are in accordance with regulatory guidance.\n\n    -\nManagement Comments\n\nConcur. OC will analyze STRI withholding funds to determine the appropriate account\nto transfer the funds and will ensure the withheld amounts are processed appropriately in\ncompliance with regulatory guidance.\n\nOffice of the Inspector General Resvonse\n\nThe Comptroller\'s actions are responsive to the recommendation.\n\x0cAppendix A. Management Comments From Catheryn Hummel, Comptroller, Ofice of\nthe Comptroller\n\n\n\n10               Smithsanian Institution\n\nI\t               Ofticc of 1hs Comptroller\n                                                                                                       I\n       D~IL      April 8, 2003\n         TO      Thomas D. Blair\n                 Inspector General\n          cc \t   Alice Maroni \n\n                 Chref Financial Ofher \n\n       Fmln \t\n\n\n     Subject \t\n                 Catheryn Hummel\n                 Comptroller                 e u\n                 Management Comments to Draft Report on Audit of Smithsonian lnstltution \n\n                 OrgankationalChecking Accoutds \n\n                 I have r e v i ~ your\n                                   d draft reoort anb wncur with eech of the recommendations\n                 oresented. ~ r o m an intemal\'contfol standpoint, the issues you have discove&d\n                 are disconcertina. I am committed lo address and resolve these internal control\n                 weaknesses. ~ljecficall~,  my offie will perform the corrective action identifiedIn\n                 the paragraphs belaw for the seven findings identified.\n\n                 1. \t     Perform a re-certificationof organizationalchecking accounts.\n      \n .-                                   Concur. The O f f i of the Comptroller (OC) wlll\n                 perform a re-certificationof all 14 Instiition checking accounts and wlll also\n                 investigate for initial cerlificalion(he potential 1 to 5 checking accwnts\n                 referenced in the audit as ones for which OC had no knowledge. Target date for\n                 completion of ell re-certifications will be September 30,2003.\n                 2. \t Close unnecessaryorganizational checking accounts.\n           \n :-                         Concur. OC will dqse unnecessary otganlzational\n                 checkina accounts based umn mults of the re-oert\'iaelions. Target date for\n                 &rnplekn will be ~ecember31,2003.\n\n                 3. \t Maintain proper documentation and justiflcatiin in an orderly, easily\n                      accessible manner.\n\n                 Manauernent Comment: Concur. .OC will develop procedures tor the\n                 maintenance of or(ranizaLonal checking account infomation to include\n                 managerialoversGht of int6matlon relenti~npractices. Target date for\n                 development of procedures will be September 30.2003.\n                 4. \t Update end revise the cutrent accounting and financial policiesand\n                      procedures to Include current offees and the establishment of credlt\n                         accounts.\n\n                  Vicm BuildingSuim UUO\n                  7~GkStrrcrNW,MRC967\n                  Wairshmlpai DC XI56WK7\n                  202,ns2020 T t k p r n\n                  m 2 775 n.sx hw\n\x0cAppendix A. Management Comments From Catheryn Hummel, Comptroller, Office of\nthe Comptroller Continued\n\n\n\n\n      Manaaement Commenl: Concur. OC will revise Smithsonian Dlrectlve 302,\n      FinancialManagement: Payments, Pdicies, Systems end Pmcedums, to include\n      current offices and the establishment of credit accounts. Target date for revision\n      will be September 30,2003.\n\n      5. \t Issue policies and procedures requiring Ihe use of purchase cad8 for\n           purchases as deflned in Srnithsonian Diredive 3 14.\n\n      Manaaement Comment: Concur. OC will revise Smithsonian Directive 302,\n      FinancialManagement: Peyments, Pollcles, Systems and Pmcedures, to include\n      the requirement of use of purchase cards for purchases as deflned in SD 314.\n      1arget date for revisionwill be September 30,2003.\n      6. \t Establisha process for performing perlodie compliance reviews to ensure\n           that internal controls are operating effectively.\n\n      Manaaernenl Comment; Concur. OC will develop a process for the\n      performance of compliance reviews of organizational checking accounts end will\n      add this type of review to the OC annual &mpliance review & A e . Target date\n      for submission of the pmposed process will be September 30,2003.\n\n      7. \t Determine hw to transfer SmithsonianTropkal Research Institute (STRI)\n           withholding funds to the appropriate account and ensure the withheld\n           amounts are in accordance w#h regufatary guidance.\n\n      ManaciementComment: Concur. OC wlll analyze STRI withholding fundsto\n      determine the appmprlate account to transfer the funds and will ensure the\n      withheld amaunts ere processed appropriately in compliancewith regulatory\n      guidance.\n\n      If you have any questions regarding the management comments, please call me\n      at 2750300. 1 look forward to review of the final audi report.\n\x0c'